Helmet builds a firewall directly into the browser. Every time you click a link, type a URL, or a page tries to reach a new destination, Helmet intercepts that request before the connection is allowed to complete. The destination is scored in real time against VirusTotal and curated threat intelligence feeds, and Helmet decides whether to allow, warn, or block it — all before a single byte of the page is rendered.
The decision happens before the page loads
1 · Intercept
Helmet sits between the browser engine and the network stack. Each new URL is paused at the moment of navigation, so nothing loads until a decision is made.
2 · Score
The destination is checked in real time against VirusTotal and premium threat intelligence feeds. Known malicious infrastructure is recognized instantly.
3 · Decide
Based on the score, Helmet allows, warns, or blocks the request. Your choices are remembered per-URL, so trusted sites never prompt you twice.
Decision Flow
Each request passes through these layers in order before the page is allowed to load.
1
Existing / Custom / Wildcard Firewall Rules
↓
2
Safe Browsing
↓
3
Helmet Firewall
Blocking ModeSilent Mode
↓
VirusTotal
Conditional — only if VirusTotal Integration is enabled
4
Helmet Sentinel
All Helmets feeds, IoCs, and correlation mechanism
SVG
AppleScript
MimeType
Cross-domain
etc.
See Helmet in action
Watch how the firewall inspects and blocks a malicious destination in real time.
Helmet Browser screenshots
A closer look at the firewall, the live scoring panel, and per-URL decisions.
[ Screenshot 1 ]
[ Screenshot 2 ]
[ Screenshot 3 ]
How Can I Test Helmet?
Use these well-known, harmless test destinations to confirm Helmet's firewall is actively blocking threats. Open each in Helmet and watch the page get stopped before it loads.
Purpose: This is a well-known Safe Browsing test site. According to Google AI, it's the official Safe Browsing website maintained by Google.
How to use it: Open the link in Helmet and click through the listed test cases (for example the malware and phishing examples). Helmet's firewall should intercept and block each destination before the page renders. Open the same links in another browser to compare how Helmet responds.
Purpose: A reserved Google test URL that simulates a malware-hosting page. The .test domain never resolves to a real website — it exists purely to trigger malware detection, so you can validate blocking behavior completely safely.
How to use it: Paste the URL into Helmet's address bar and press Enter. The firewall should score the destination as malicious and stop the navigation before any content is fetched. If the page were to load normally, that would tell you the protection isn't active.
Safe Browsing Warning Tests
Open each test below in Helmet — the firewall should warn or block before the page loads. These cover the Webpage and OSX warnings from Google's Safe Browsing test site that are relevant to Helmet as a macOS browser (deprecated cases excluded).
⚠️NOTE: All URLs and links are Test URLs and should produce / trigger false-positive warnings in order to provide a test mechanism for Safe Browsing and for other Helmet Firewall features. The URLs are provided by their owners and can be changed/deprecated or become unavailable without previous notice. Helmet and Rezolvnet Soluções em Informática Ltda does not provide or maintain the URLs listed on this page — the URLs are publicly accessible resources.⚠️
